CVE-2026-55706 - Vulnerability Details - OpenCVE

ReportizFlow

sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Openbsd	Openbsd

No data.

No data.

References

Link	Providers
https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html
https://blog.argus-systems.ai/blog/poc-001-pap-bypass.py
https://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a72d3544131ad5cee7adf8
https://www.openwall.com/lists/oss-security/2026/06/16/9

History

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Title		Authentication Bypass via Zero-Length Input in sppp_pap
References		https://blog.argus-systems.ai/blog/poc-001-pap-bypass.py
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 17 Jun 2026 05:15:00 +0000

Type	Values Removed	Values Added
Description		sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
First Time appeared		Openbsd Openbsd openbsd
Weaknesses		CWE-1284
CPEs		cpe:2.3:o:openbsd:openbsd::::::::
Vendors & Products		Openbsd Openbsd openbsd
References		https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html https://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a72d3544131ad5cee7adf8 https://www.openwall.com/lists/oss-security/2026/06/16/9
Metrics		cvssV3_1 `{'score': 5.8, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-17T00:53:23.246Z

Updated: 2026-06-17T14:33:01.050Z

Reserved: 2026-06-17T00:53:22.791Z

Link: CVE-2026-55706

Vulnrichment

Updated: 2026-06-17T14:32:37.796Z

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-55706", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-06-17T00:53:22.791Z", "datePublished": "2026-06-17T00:53:23.246Z", "dateUpdated": "2026-06-17T14:33:01.050Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenBSD", "vendor": "OpenBSD", "versions": [{"lessThan": "076e2b1c1fc4ac0883a72d3544131ad5cee7adf8", "status": "affected", "version": "0", "versionType": "git"}]}], "descriptions": [{"lang": "en", "value": "sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-06-17T00:53:23.246Z"}, "references": [{"url": "https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html"}, {"url": "https://www.openwall.com/lists/oss-security/2026/06/16/9"}, {"url": "https://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a72d3544131ad5cee7adf8"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*", "versionEndExcluding": "076e2b1c1fc4ac0883a72d3544131ad5cee7adf8"}]}]}]}, "adp": [{"references": [{"url": "https://blog.argus-systems.ai/blog/poc-001-pap-bypass.py", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T14:32:57.493186Z", "id": "CVE-2026-55706", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T14:33:01.050Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-55706", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-17T14:32:57.493186Z"}}}], "references": [{"url": "https://blog.argus-systems.ai/blog/poc-001-pap-bypass.py", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T14:32:37.796Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenBSD", "product": "OpenBSD", "versions": [{"status": "affected", "version": "0", "lessThan": "076e2b1c1fc4ac0883a72d3544131ad5cee7adf8", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html"}, {"url": "https://www.openwall.com/lists/oss-security/2026/06/16/9"}, {"url": "https://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a72d3544131ad5cee7adf8"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "076e2b1c1fc4ac0883a72d3544131ad5cee7adf8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-06-17T00:53:23.246Z"}}}, "cveMetadata": {"cveId": "CVE-2026-55706", "state": "PUBLISHED", "dateUpdated": "2026-06-17T14:33:01.050Z", "dateReserved": "2026-06-17T00:53:22.791Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-06-17T00:53:23.246Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}